Tools

SmartBear Aims To Tame Undocumented REST APIs

By Adrian Bridgwater, April 11, 2014

SoapUI Pro 5.0 gets undocumented APIs under test

SmartBear has announced the general availability of SoapUI 5.0, with features to support the REST API testing market, specifically the challenge of undocumented REST APIs. SoapUI 5.0 adds what are said to be "richer" REST testing capabilities including support for REST Discovery, REST Mocking, and OAuth 2.0.

REST is the rapidly "predominant" method used to build public APIs for web applications and, along with SoapUI (says SmartBear), shortens learning curves, improves time-to-market, and helps to identify bugs.

A common problem with REST APIs is that they do not require any documentation explaining how the API works, the available requests, and expected responses. These problems have created an "abundance of undocumented APIs" where functionality is only partially disclosed or not disclosed at all.

SmartBear points out that testing these APIs is time consuming, as it requires the user to either get information from the API developer or the user must try and explore the API code manually.

"By using SoapUI's REST Discovery, the user can record the interactions and traffic with the API and automatically add the resources associated with the API into SoapUI. Further, REST Discovery allows users to create a test suite from the recorded interactions, saving critical time that would otherwise have been spent trying to understand the API and setting up the required tests associated with it. REST Discovery can either record traffic via SoapUI's internal browser, a proxy, native browsers, or even mobile apps. Any traffic going through the defined proxy is picked up by SoapUI, where resources are plotted and test suites are set up," said Matti Hjelm, product owner of SoapUI at SmartBear.

In addition to REST Discovery, new SoapUI Pro 5.0 contains REST Mocking. A REST API, per definition, does not require specification of what responses certain requests can receive. Hence, setting up a mock can become a time-consuming activity with having to manually define each response the mocked API should provide. By first exploring your API using REST Discovery, SoapUI automatically captures all the responses received. Users then seamlessly create a full mock — requests, responses, and headers — based on recorded interactions. This, apart from saving time, ensures realistic data is used in the mock.

SoapUI 5.0 adds support for OAuth 2 protected APIs. SoapUI's OAuth 2 Profiles allow users to set up credentials for users. This allows for switching between different user credentials, and so (potentially) saving the hassle of reentering them multiple times. Furthermore, through SoapUI's OAuth 2 Flow Automation, users can set up automatic token refreshment, enabling users to easily hook OAuth 2 protected API’s tests to Continuous Integration environments.

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task.
However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Video

This month's Dr. Dobb's Journal

This month,
Dr. Dobb's Journal is devoted to mobile programming. We introduce you to Apple's new Swift programming language, discuss the perils of being the third-most-popular mobile platform, revisit SQLite on Android
, and much more!